Fimeg/Redflag
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
484a7f77ceb77964b6d1f2e267b181753758cc1d
Redflag/docs/3_BACKLOG/P3-002_Security-Status-Dashboard-Indicators.md

7.3 KiB
Raw Blame History

Security Status Dashboard Indicators

Priority: P3 (Enhancement) Source Reference: From quick-todos.md line 4 Status: Ready for Implementation

Problem Statement

The current dashboard lacks visual indicators for critical security features such as machine binding, Ed25519 verification, and nonce protection. Administrators cannot quickly assess the security posture of agents without drilling down into detailed views.

Feature Description

Add security status indicators to the main dashboard that provide at-a-glance visibility into agent security configurations, including machine binding status, cryptographic verification state, nonce protection activation, and overall security health scoring.

Acceptance Criteria

  1. Visual security status indicators on main dashboard
  2. Individual status for: machine binding, Ed25519 verification, nonce protection
  3. Color-coded status (green for secure, yellow for partial, red for missing)
  4. Security health score or badge for each agent
  5. Summary security metrics across all agents
  6. Click-through to detailed security configuration view
  7. Real-time updates as security status changes
  8. Tooltip information explaining each security feature

Technical Approach

1. Data Structure Enhancement

Security Status API (aggregator-server/internal/api/handlers/):

type AgentSecurityStatus struct {
    AgentID              uuid.UUID `json:"agent_id"`
    MachineBindingActive bool      `json:"machine_binding_active"`
    Ed25519Verification  bool      `json:"ed25519_verification"`
    NonceProtection      bool      `json:"nonce_protection"`
    SecurityScore        int       `json:"security_score"` // 0-100
    LastSecurityCheck    time.Time `json:"last_security_check"`
    SecurityIssues       []string  `json:"security_issues"`
}

2. Backend Security Status Calculation

Security Assessment Service (aggregator-server/internal/services/):

func (s *SecurityService) CalculateSecurityStatus(agent Agent) AgentSecurityStatus {
    status := AgentSecurityStatus{
        AgentID: agent.ID,
    }

    // Check machine binding from agent config
    status.MachineBindingActive = agent.Config.MachineIDBinding != ""

    // Check Ed25519 verification
    status.Ed25519Verification = agent.Config.Ed25519VerificationEnabled

    // Check nonce validation
    status.NonceProtection = agent.Config.NonceValidation

    // Calculate security score (0-100)
    status.SecurityScore = calculateSecurityScore(status)

    return status
}

3. Frontend Dashboard Components

Security Indicator Component (aggregator-web/src/components/SecurityStatus.tsx):

interface SecurityStatusProps {
  machineBinding: boolean;
  ed25519Verification: boolean;
  nonceProtection: boolean;
  securityScore: number;
}

const SecurityStatus: React.FC<SecurityStatusProps> = ({
  machineBinding,
  ed25519Verification,
  nonceProtection,
  securityScore
}) => {
  return (
    <div className="security-indicators">
      <SecurityBadge
        label="Machine Binding"
        active={machineBinding}
        description="Agent is bound to specific hardware"
      />
      <SecurityBadge
        label="Ed25519"
        active={ed25519Verification}
        description="Cryptographic verification enabled"
      />
      <SecurityBadge
        label="Nonce Protection"
        active={nonceProtection}
        description="Replay attack protection active"
      />
      <SecurityScore score={securityScore} />
    </div>
  );
};

Enhanced Agent Cards (aggregator-web/src/pages/Agents.tsx):

  • Add security status row to agent cards
  • Implement security status filtering
  • Add security status to search functionality

4. API Integration

Agent List Enhancement:

  • Include security status in /api/v1/agents response
  • Add /api/v1/agents/:id/security endpoint for detailed view
  • Real-time updates via existing polling mechanism

5. Visual Design Implementation

Status Indicators:

  • Green Shield: All security features active (100% score)
  • Yellow Shield: Partial security configuration (50-99% score)
  • Red Shield: Missing critical security features (<50% score)

Icons and Badges:

  • Machine binding: Hardware icon
  • Ed25519: Key/cryptographic icon
  • Nonce protection: Shield/lock icon
  • Overall score: Circular progress indicator

Definition of Done

  • Security status API endpoint implemented
  • Security assessment logic working
  • Dashboard displays security indicators for each agent
  • Color-coded status indicators implemented
  • Security score calculation functional
  • Tooltips and explanations working
  • Real-time status updates via polling
  • Responsive design for mobile viewing

Test Plan

  1. Unit Tests

    • Security score calculation algorithm
    • API response structure validation
    • Component rendering with various security states

  2. Integration Tests

    • End-to-end security status flow
    • Real-time status updates
    • Click-through functionality to detailed views

  3. Visual Tests

    • Status indicator colors for different security levels
    • Responsive layout on various screen sizes
    • Tooltip display and positioning

  4. User Acceptance Tests

    • Administrator can identify security issues at a glance
    • Security status helps prioritize agent maintenance
    • Clear understanding of what each security feature means

Files to Modify

  • aggregator-server/internal/services/security_service.go - New service
  • aggregator-server/internal/api/handlers/agents.go - Add security status to agent list
  • aggregator-web/src/components/SecurityStatus.tsx - New component
  • aggregator-web/src/components/SecurityBadge.tsx - New component
  • aggregator-web/src/pages/Agents.tsx - Integrate security indicators
  • aggregator-web/src/lib/api.ts - Add security status API calls

Security Score Calculation

Base Points:

  • Machine binding: 40 points
  • Ed25519 verification: 35 points
  • Nonce protection: 25 points

Bonus Points:

  • Recent security check: +5 points
  • No security violations: +10 points
  • Config version current: +5 points

Total Score: 0-100 points

Implementation Phases

Phase 1: Backend API

  1. Implement security status calculation service
  2. Add security status to agent API responses
  3. Create dedicated security status endpoint

Phase 2: Frontend Components

  1. Create SecurityStatus and SecurityBadge components
  2. Implement status indicator styling
  3. Add tooltips and explanations

Phase 3: Dashboard Integration

  1. Add security indicators to agent cards
  2. Implement security status filtering
  3. Add security summary metrics

Estimated Effort

  • Development: 12-16 hours
  • Testing: 6-8 hours
  • Review: 3-4 hours
  • Design/UX: 4-6 hours

Dependencies

  • Existing agent configuration data
  • Current agent list API structure
  • React component library
  • Agent polling mechanism

Risk Assessment

Low Risk - Enhancement that adds new functionality without modifying existing behavior. Visual indicators can be rolled out incrementally without affecting core functionality.

Future Enhancements

  1. Security Alerts: Notifications for security status changes
  2. Historical Tracking: Security status over time
  3. Compliance Reporting: Security posture reports
  4. Bulk Operations: Apply security settings to multiple agents
  5. Security Policies: Define and enforce security requirements
Reference in New Issue View Git Blame Copy Permalink